1. Document ID: US 6640251 B1

File: USPT

Oct 28, 2003

DOCUMENT-IDENTIFIER: US 6640251 B1

TITLE: Multicast-enabled address resolution protocol (ME-ARP)

Detailed Description Text (17):

In order to forward IP unicast traffic, an enhanced version of proxy ARP is used.
The differences from the standard proxy ARP are: a) all ARP requests matching the
customer's IP subnet are encapsulated and forwarded to all VPN members by sending
them to the VPN's IP multicast address. Note: The CPE device cannot determine whether
an IP device is connected to the local physical segment or not. b) a forwarded ARP
request, after decapsulation, will replace the source hardware address (MAC,
Media-Access-Control or physical address) not with the router's own interface MAC
address, but by a calculated address containing the tunnel source IP address, an
interface unique VPN Id (e.g. VPN instance Id) and a CPE Id (to avoid loops in case
of CPE redundancy).

Detailed Description Text (18):

The result of this "multicast enhanced ARP" (ME-ARP) process is that the customer's
IP devices will keep all relevant information about the destination tunnel endpoint
and VPN membership in their ARP table. There is no overhead involved, if compared
to a real physical IP subnet.

Detailed Description Text (27):

In operation, with reference to FIGS. 3, 4, 5 and 6, end station A wants to send an
IP packet to end station B on the same logical subnet but connected to different
gateways. It is assumed that the ARP tables 80 and 81 from both end stations are
empty. Therefore end station A sends an ARP request 50 to the Ethernet broadcast
address 51. CPE A, configured with the proper VPN information, checks the source IP
address 52 of the ARP request packet 50 against its UVIP interfaces configured on
the physical interface. In case of a match, it encapsulates the whole, unmodified
ARP request 50 into an IPsec packet 55 including the VPN identifier 56 (equals
assigned IP multicast address) and forwards packet 55 to the VPN's multicast
address 57 using the configured local IP tunnel-endpoint 58 as source address. CPE
A also adds a local ARP entry for end station A in its ARP table 72 for that UVIP
interface. (CPE A will forward the ARP request, even if end station B is connected
to the same physical network.)

Detailed Description Text (28):

All CPEs joining the VPN will receive this encapsulated ARP request, unpack it, and
forward it out the local UVIP interface with the following modification to the
original ARP request 55: replace the original HW source address 59 (MAC address
from end station A) with a calculated MAC address containing the tunnel end-point
IP address from CPE A (= source address from the received IPsec packet) and an
optional interface unique VPN Id.




Detailed Description Text (29):

This new HW source address 60 is replaced in the Ethernet header as well as in the
ARP packet 61.

Detailed Description Text (31):

CPE A decapsulates the ARP reply packet 67, checks the destination or target IP
address 68 and replaces the destination or target MAC address 69 with the address
found in its local ARP cache, and sends the constructed ARP reply 70 out to end
station A on the local attached physical LAN segment. In addition, the source MAC
address 71 (in the Ethernet header and ARP packet) is replaced with a constructed
MAC address 72 containing an optional interface locally unique VPN Id and the IP
address of CPE B (where the ARP reply came from).
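
The source-address rewrite described in paragraphs (28), (29) and (31), as an added example that is not code from the patent. The excerpt does not give the bit layout of the calculated address, so the layout used here (locally administered first octet carrying a 6-bit CPE Id, one octet of VPN Id, four octets of tunnel endpoint IPv4 address) and all function names are assumptions, and the sample frame is constructed.

```python
import ipaddress
import struct

ETH_HDR = struct.Struct("!6s6sH")           # dst MAC, src MAC, EtherType
ARP_PKT = struct.Struct("!HHBBH6s4s6s4s")   # Ethernet/IPv4 ARP body (RFC 826)
ETHERTYPE_ARP = 0x0806


def build_me_arp_mac(tunnel_src_ip, vpn_id, cpe_id):
    """Pack tunnel endpoint, VPN Id and CPE Id into 6 bytes (assumed layout)."""
    if not 0 <= vpn_id <= 0xFF:
        raise ValueError("vpn_id must fit in one octet in this layout")
    if not 0 <= cpe_id <= 0x3F:
        raise ValueError("cpe_id must fit in six bits in this layout")
    # Low two bits 0b10: unicast, locally administered, so the calculated
    # address cannot collide with a vendor-assigned (OUI) address.
    first = (cpe_id << 2) | 0x02
    return bytes([first, vpn_id]) + ipaddress.IPv4Address(tunnel_src_ip).packed


def parse_me_arp_mac(mac):
    """Recover the fields from an ARP-table entry, or None if not this layout.

    Any locally administered unicast address passes this check, so the result
    is only meaningful on a segment where the CPE is the sole source of such
    addresses.
    """
    if len(mac) != 6:
        raise ValueError("MAC address must be 6 bytes")
    if mac[0] & 0x03 != 0x02:
        return None
    return {
        "tunnel_ip": str(ipaddress.IPv4Address(mac[2:6])),
        "vpn_id": mac[1],
        "cpe_id": mac[0] >> 2,
    }


def rewrite_arp_source(frame, tunnel_src_ip, vpn_id, cpe_id):
    """Replace the source MAC in BOTH the Ethernet header and the ARP body."""
    if len(frame) < ETH_HDR.size + ARP_PKT.size:
        raise ValueError("truncated frame")
    dst, _old_src, ethertype = ETH_HDR.unpack_from(frame, 0)
    if ethertype != ETHERTYPE_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, oper, _old_sha, spa, tha, tpa = ARP_PKT.unpack_from(
        frame, ETH_HDR.size)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    new_mac = build_me_arp_mac(tunnel_src_ip, vpn_id, cpe_id)
    trailer = frame[ETH_HDR.size + ARP_PKT.size:]   # padding, if any
    return (ETH_HDR.pack(dst, new_mac, ethertype)
            + ARP_PKT.pack(htype, ptype, hlen, plen, oper, new_mac, spa, tha, tpa)
            + trailer)


def source_addresses_consistent(frame):
    """True when the Ethernet source equals the ARP sender hardware address.

    A mismatch is a common ARP-spoofing indicator, which is why a rewrite
    that touched only one of the two fields would trip monitoring tools.
    """
    _dst, src, _etype = ETH_HDR.unpack_from(frame, 0)
    sha = ARP_PKT.unpack_from(frame, ETH_HDR.size)[5]
    return src == sha


def sample_arp_request():
    """Constructed ARP request from 'end station A' (all values are made up)."""
    station_a = bytes.fromhex("001122334455")
    eth = ETH_HDR.pack(b"\xff" * 6, station_a, ETHERTYPE_ARP)
    arp = ARP_PKT.pack(1, 0x0800, 6, 4, 1, station_a,
                       ipaddress.IPv4Address("10.1.1.10").packed, b"\x00" * 6,
                       ipaddress.IPv4Address("10.1.1.20").packed)
    return eth + arp


if __name__ == "__main__":
    out = rewrite_arp_source(sample_arp_request(), "192.0.2.1", vpn_id=7, cpe_id=3)
    print(out[6:12].hex(":"), parse_me_arp_mac(out[6:12]))
    print("consistent:", source_addresses_consistent(out))
```
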

CLAIMS:

4. A method of sending a multicast IP packet from a first end station to multiple
end stations, said first and multiple end stations being on the same logical subnet 
and connected to different CPEs, comprising: receiving said multicast IP packet at 
each CPE; encapsulating said IP multicast packet; and forwarding said encapsulated 
IP multicast packet to a VPN assigned multicast address wherein said IP multicast 
packet is received by each CPE which has been configured to said VPN, wherein at 
each CPE receiving said forwarded ARP request, the request is decapsulated to 
replace the source hardware address by a calculated address containing the tunnel 
source IP address, an interface unique VPN ID and a CPE ID. 

1. Document ID: US 6775713 B1

File: USPT

Aug 10, 2004

DOCUMENT-IDENTIFIER: US 6775713 B1

TITLE: Application program interface for abstracting control of a cable modem

Detailed Description Text (25):

HAL 60 establishes a connection between MAC layer 50 and physical layer 70 and
permits any host to operate with any cable modem, so long as the cable modem and
associated software are compatible with hardware abstraction layer 60. HAL 60 is an
application program interface (API), in one embodiment, that interfaces with MAC
layer 50 and physical layer 70. Furthermore, HAL 60, in one embodiment, is intended
to separate the physical layer from a software layer. In effect, HAL 60 presents a
defined interface to physical layer 70. Physical layer 70 processes the data
received over the cable network such that it is compatible with HAL 60. HAL 60 is
able to retrieve the information taken off the cable network by physical layer 70
and present it to the higher protocol layers. HAL 60 also functions to transfer
data from MAC layer 50 to physical layer 70. In effect, HAL 60 replaces a top
portion of physical layer 70 and a bottom portion of MAC layer 50.

2. Document ID: US 6640251 B1

File: USPT

Oct 28, 2003

DOCUMENT-IDENTIFIER: US 6640251 B1

TITLE: Multicast-enabled address resolution protocol (ME-ARP)



8. A method of sending an IP packet from a first station to a second end station,
wherein said first and second end stations are on the same logical subnet but
connected to different CPEs, the method comprising: a) sending from a first end
station an ARP request with an Ethernet broadcast address; b) at a first CPE
associated with said first end station, intercepting said ARP request packet and
verifying the intercepted IP address against a corresponding unnumbered virtual
packet network (UV) IP interface; c) if a match is verified, encapsulating said ARP
request into an IPsec packet with a VPN identifier; d) forwarding said IPsec
packet to a VPN's multicast address using configured local IP tunnel-endpoint as a
source address; e) said first CPE further adding a local ARP entry for said first
end station in its ARP table for said UVIP interface; f) receiving said
encapsulated ARP request at each CPE connected to said VPN; g) unpacking, modifying
and forwarding said ARP request out of the local UVIP interface when received at
said CPE; and h) modifying said ARP request at each CPE by replacing the original
HW source address with a calculated MAC address containing the tunnel endpoint IP
address from said first CPE and an interface unique VPN ID thus providing a new HW
source address to replace in the Ethernet header as well as in the ARP itself.

DOCUMENT-IDENTIFIER: US 6611867 B1

** See image for Certificate of Correction **

TITLE: System, method and article of manufacture for implementing a hybrid network

Detailed Description Paragraph Table (9):

Risk; Option A; Option B

- The lead-time delivery for ATM links has to be considered carefully (ATM access
  solutions are still not ready everywhere and service providers are experiencing
  serious delays especially in Europe). The last-mile access from the
  Point-of-Presence of the ATM service providers to the US sites can be a problem
  (US Regulation) as it might be required to use the infrastructure of a local
  carrier. It implicates technological problems as well as extra costs.
  [✓✓✓✓ | ✓✓✓✓]
- The Cable & Wireless ATM service has insufficient functionality e.g., transport
  of P-NNI signaling data units, inability to support control of end-to-end delay
  to enable the desired capabilities to be meaningfully demonstrated.
  [✓✓ | ✓✓✓✓]
- The detailed functionality of CISCO routers and WAN switches is insufficient or
  inconsistent preventing the end-to-end services being implemented. Overall
  network integration is more complex than originally anticipated leading to
  serious inter-working problems between customer, POP and C&W core equipment.
  [✓✓ | ✓✓✓]
- Developments of IP switching proceed such that carriers rapidly adopt a pure-IP
  infrastructure with IP based deterministic QoS mechanisms thus necessitating
  rapid upgrade or replacement of the MG28850 switches. [✓✓]
- Traffic capacity for the demonstration services grows in a rapid, unpredictable
  way outpacing the ability of the routers and core infrastructure to handle the
  demand. [✓✓ | ✓✓]
- Network management system integration is more complex than originally
  anticipated undermining effort to produce end-to-end capabilities. [✓✓ | ✓✓✓]
- In-band solutions to the provision of Network Management Data Communications
  Network cannot be found resulting in the need for a separate overlay NMS DCN.
  [✓ | ✓✓]
- Equipment chosen is over-engineered for the specific applications implemented
  resulting in non-cost effective utilization of capital resources. [✓✓ | ✓✓✓]
- Redundancy of Network Elements (e.g. Routers, MGX 8650) and sites
  interconnection links is not provided by both options, therefore the networks
  present single points of failures. [✓✓ | ✓]
- No security features are proposed by the two options. Firewalls might be added
  when the network fabric is interconnected with third party. [✓ | ✓]
- May be unable to secure sufficient maintenance resource for the network with
  appropriate training and support. Agreed SLAs are essential between NT market
  offering staff and the designated maintenance agent. [✓✓✓✓ | ✓✓✓✓]

File: USPT

Nov 12, 2002

DOCUMENT-IDENTIFIER: US 6480748 B1

TITLE: Facility management platform for a hybrid coaxial/twisted pair local loop
network service architecture

Detailed Description Text (3):

According to FIG. 1A, an intelligent services director (ISD) 22 may be coupled to a
telephone central office 34 via a twisted-pair wire, hybrid fiber interconnection,
wireless and/or other customer connection 30, a connector block 26, and/or a main
distribution frame (MDF) 28. Referring briefly to FIG. 1B, the ISD 22 is replaced
by either a residential gateway 22-2 (when an interexchange carrier partners with a
cable television service provider) or an integrated residential gateway 22-1 (when
an interexchange carrier is integrated with the cable television service provider).
FIG. 1B further shows other cable operators' distribution infrastructure 70 or
interexchange carrier (IXC) owned infrastructure 74 connected to a CATV headend
infrastructure 68 which may include an inter-exchange carrier coaxial Cable
Facilities Management Platform 32-1. Per FIG. 1B, the CATV headend 68 is in turn
connected to a backhaul SONET ring 42 and to various alternative service networks
including but not limited to IXC SS-7 based services 44, interspan, frame relay
services 48 (to corporate intranets 62), and via frame relay 48, Internet service
cloud 50 or IXC core network 60 to electronic commerce vendors 64.

Detailed Description Text (98):

The tap is comprised of a series of splitters which simply split the power into 
each of the individual tap sections. So as a minimum, the tap has to be redesigned 
such that the tap continually passes power to the house over the tap drop 
regardless of whether the faceplate is removed through the tap as being serviced. 
In this manner, the tap may include first and second circuit boards with the first 
circuit board providing nothing more than a power takeoff and signal takeoff of the 
main board. Today there exists cable with coax and twisted pair and power leads all 
within a single cable, some of which also include fiber. Accordingly, in one aspect 
of the invention, coming out of each of the taps is a specialized cable that 
includes not only a coaxial connection but also a power connection and/or a twisted 
pair connection. Commscope is a supplier of customized cable that will allow 
twisted pair and coax cables to coexist. The options with the tap box for cable or 
pedestal mounting are as follows: in a first embodiment the tap box would simply 
have a single printed circuit board having a plurality of connectors on the circuit 
board and an EMI and hermetic seal, circular seal around each of the connectors so 
that when the top of the tap box was placed and screwed onto the bottom of the tap 
box, the hermetic seal would seal each of the coaxial connectors and thus, the top 
could be removed from the tap box without affecting the printed circuit board 
disposed therein. In alternate embodiments, the coaxial cable outputs or taps could 
be located in the back, top or side of the tap box and thus not need to be removed 
when the faceplate was removed. One advantage of the IP telephony is that the 
telephone call circuit is not broken just because you removed and replaced the 
plate or a tap circuit board in a cable distribution network. The IP telephony call 
will often allow you to break for several seconds to several minutes without 
actually losing the call. 

Detailed Description Text (102): 

For multi-dwelling units, it is also possible to use similar concepts. In a multi- 
dwelling unit, a line is run either from a node or from a tap with a splitter into 
a multi-dwelling unit then within the multi-dwelling unit there are a plurality of 
taps located in a patch board in the basement for supplying each of the individual 
dwelling units. For example, a particular apartment may have an apartment amplifier 
which brings the signal in off of one tap or a node and amplifies that signal and 
then redistributes the signal to each of the individual apartments. In this manner, 
the amplifier may also include a high performance ISD/IRG for supplying PBX and 
other user services to each of the multi-dwelling units. The high performance 
ISD/IRG and integrated apartment amplifier, provides the following functionality; 
cable television service, high speed Internet access, telephony, data services, 
alarm and monitoring and all of the other services with have in the 4 9 previous 
applications. The ISD/IRG in the multi-dwelling unit also provides lifeline support 
and may include a battery backup. The apartment house can also be wired with the 
hybrid coax/twisted pair cable such that each of the individual dwelling units gets
not only cable television but also its telephony services directly from the high 
performance integrated ISD/IRG apartment complex amplifier. The ISD/IRG in either 
the tap or in the home environment, the ISD/IRG will be substantially the same as 
the prior ISD in the applications filed Dec. 31, 1997 with the exception that the 
ADSL modem/lifeline will be replaced by a new cable modem/lifeline configuration. 
Accordingly, the cable modem will need a bypass mechanism whereby a lifeline 
support can bypass the cable modem and power the critical phone devices within the 
home. This can be configured substantially the same way as the lifeline bypassing 
the ADSL modem in the prior applications. 



DOCUMENT-IDENTIFIER: US 5666487 A

TITLE: Network providing signals of different formats to a user by multiplexing
compressed broadband data with data of a different format into MPEG encoded data
stream



Detailed Description Text (38): 

FIG. 8 discloses a digital entertainment terminal (DET) 202 in accordance with a 
preferred embodiment of the present invention. As mentioned previously, network 
interface module 201 may take the form of a plug in module. In one embodiment, NIM 
201 would be similar to a daughter board or option card which can be plugged into a 
back plane of a personal computer (PC) . In such an embodiment, typically a 
technician could replace the module in either the field or the shop, to modify a 
DET to connect to and communicate over a different network, and the technician 
would modify associated communications control software in the system memory. 
Alternative implementations may use a user replaceable cartridge type network 
interface module, similar to a video game cartridge, which may include memory in 
the module for storage of the communications control. As a further alternative, the 
network interface module could include a digital signal processor controlled by the 
CPU of the DET and input/output connections compatible with all of the digital 
broadband networks currently available. The downloaded operating system software 
stored in the system memory of the DET would control operations of the digital 
signal processor to send and receive signals in accord with the particular network 
the subscriber chooses to connect the DET to. 

Detailed Description Text (45) : 

The graphics overlay controller 833 and the video RAM 835 actually cooperate to 
manipulate five different planes of video information, four of which can be active 
at any one time, to produce the composite video frame output signals. The 
individual planes comprise the decoded MPEG video frames, a cursor, two 
graphics/text image planes manipulated by the microprocessor 810 and a backdrop 
plane. The backdrop plane would be switched in to replace the plane representing 
the decoded MPEG video frames, e.g. to present a blue background instead of the 
MPEG video background. 

Detailed Description Text (46) : 

When there are no graphics or text, the composite frames would correspond entirely 
to the uncompressed received video frames output by the MPEG video decoder 829. 
When no received video frames are to be output, either when none are received or
when they are to be entirely replaced, the information from the graphics overlay
generator 833 would specify a background and the active planes of text or graphic
information. When received video frames are combined with text and/or graphics, the
composite video frames include the uncompressed received video frames with selected
pixels thereof replaced with graphics or textual data display pixels specified by
the graphics overlay controller 833. In this last situation, the graphics overlay
controller would deactivate the backdrop plane.



DOCUMENT-IDENTIFIER: US 5650994 A 

TITLE: Operation support system for service creation and network provisioning for 
video dial tone networks 



Detailed Description Text (24): 

The service creation function also includes monitoring network assets. Such 
monitoring includes comparing existing equipment and facilities to existing and 
projected service demands to determine if additional capital equipment is 
necessary. The monitoring of network assets may be affected by, for example, 
increased usage in specific serving areas, seasonal variations in usage (e.g., 
increased use in winter), or replacing obsolete equipment. 

Detailed Description Text (55) : 

The PVC Controller 248 and the access subnetwork controller (ASNC) 240 also are 
computers having the appropriate network interfaces and software programming. The 
ACC 4000 is a computer system programmed to administer encryption keys and NIM 
network addresses in the hybrid-fiber-coax type access subnetwork. Computers 
similar to the ACC 4000 are used today in CATV headend systems, but those computers 
also run software relating to other CATV operations, e.g. billing. In technologies 
such as fiber-to-the-curb or fiber-to-the-home, the ACC 4000 may be replaced with a
Video Access Manager (VAM).

Detailed Description Text (57): 

The broadcast consolidation section 100 serves as the broadcast head-end and 
network POI for broadcast VIPs 114 and 116. The broadcast consolidation section 100 
is adapted to receive broadcast video data in any format that may be convenient for 
the VIP. Specifically, the broadcast consolidation section 100 includes a digital 
encoder 118 to convert baseband analog video signals, for example from VIP 116, 
into a digitally-compressed DS-3 signal stream. Alternatively, the digital encoder 
118 could be replaced with an MPEG-2 encoder to provide compressed MPEG-2 packets 
at a DS-3 rate. 

Detailed Description Text (77): 

Each LVAN 112 receives the consolidated broadcast data from the corresponding VNH 
104. The LVAN 112 combines the received RF signals from the VNH 104 with any data 
transmitted by the ATM backbone subnetwork 106 addressed to a subscriber served by 
the LVAN 112. The resulting RF signal is transmitted via a local loop distribution 
network 124 to a number of customer premises 126 (only one shown for convenience).
As discussed below with reference to FIG. 6, the local loop distribution 124 is
preferably arranged as a hybrid fiber-coax distribution system, although an ADSL
system or a fiber-to-the-curb system may be substituted.

Detailed Description Text (235):

Referring to FIG. 9B, step 1 shows that a VIU will request activation of digital 
broadcast services by calling a VIP or a VIP agent. In step 2, the VIP negotiates 
the service request to establish details of the subscriber's account, including the 
steps of: verifying the customer VDT status using the LUDB information previously 
supplied by the OSS; determining the drop status, e.g., whether the customer's 
living unit has an existing coax drop and NID 214 as shown in FIG. 6; and 
determining if the customer requires a DET or additional DETs. In addition, the VIP
negotiates with the VIU for authorization to use or replace existing inside wire 
for the customer premises. The VIP will also negotiate installation due dates, and 
preauthorize VIU for the selected services, for example pay per view purchases. 

41. A computer program product as in claim 37, wherein the function comprises a
CmHalSetInfoHandler function that permits the media access controller to write one
or more cable modem hardware registers, and wherein the one or more parameters
comprise an Oid parameter that specifies a hardware object to set, a Param
parameter that identifies a specific instance of the hardware object if multiple
instances could exist in hardware, an InfoBuffer parameter that specifies
information to be written, and an InfoBufferLen parameter that specifies a length
of the InfoBuffer parameter.

42. A computer program product as in claim 37, wherein the function comprises a
CmHalQueryInfoHandler function that allows the media access controller to query
information from the cable modem, and wherein the one or more parameters comprise
an Oid parameter that specifies a hardware object to query, a Param parameter that
identifies a specific instance of the hardware object if multiple instances could
exist in hardware, an InfoBuffer parameter that specifies a location to write a
result of the query, and an InfoBufferLen parameter that specifies a length of
information written to the InfoBuffer.

43. A computer program product as in claim 37, wherein the function comprises a 
CmHalSetModeHandler function that permits the media access controller to write one 
or more cable modem hardware registers and to set a mode of operation for the cable 
modem, and wherein the one or more parameters comprise a Mode parameter that 
specifies the mode of operation for the cable modem that needs to be set, a Param 
parameter that identifies a specific instance of the hardware object if multiple 
instances could exist in hardware, and a Flag parameter that specifies whether the 
mode of operation for the cable modem should be turned on or turned off. 

44. A computer program product as in claim 37, wherein the function comprises a 
CmHalQueryModeHandler function that allows the media access controller to query the 
cable modem for the cable modem's mode of operation, and wherein the one or more 
parameters comprise a Mode parameter that specifies the mode of operation for the 
cable modem to be queried, a Param parameter that identifies a specific instance of 
the hardware object if multiple instances could exist in hardware, and a Flag 
parameter that indicates whether the mode of operation for the cable modem is
currently turned on or turned off. 

TITLE: Multicast-enabled address resolution protocol (ME-ARP)

Abstract Text (1):

A Multicast-Enabled Address Resolution Protocol (ME-ARP) is disclosed. This ME-ARP 
allows the building of independent IP based Virtual Private LAN segments (VPLS) 
over a multicast enabled IP backbone using stateless tunnels and optimal VPLS 
traffic forwarding. Each VPLS has an associated IP subnet which is completely 
independent from other VPLS or the underlying IP backbone itself. Each Customer 
Premises Equipment (CPE) device needs only to be configured with a VPLS identifier 
and its serving IP subnet per VPLS designated interface.

Brief Summary Text (4):

The popularity of the Internet is driving requirements for secure and segregated IP 
interconnection of remote sites. One solution is to use the underlying network 
supporting virtual connections i.e. Frame Relay or ATM. These virtual connections 
can be separated by provisioning to form a Virtual Private Network which is Layer 3 
protocol transparent. However, if the underlying network is IP itself, as is the
case with the Internet, then IP tunnels can be used to interconnect two or more
sites. Any other known layer 2 VPN (Virtual Private Network) solution used in the
prior art requires a centralized server where all CPE (Customer Premises Equipment)
and IP devices have to be statically or dynamically registered, like LANE
(Local-Area-Network Emulation), NHRP (Next-Hop-Routing-Protocol) or Classical IP.

Brief Summary Text (8):

Another aspect of the present invention is to provide a Multicast-Enabled Address
Resolution Protocol (ME-ARP). This invention allows the building of independent IP
based Virtual Private LAN segments (VPLS) over a multicast enabled IP backbone 
using stateless tunnels and optimal VPLS traffic forwarding. Each VPLS has an 
associated IP subnet which is independent from other VPLS or the underlying IP 
backbone itself. Each Customer Premises Equipment (CPE) device needs only to be 
configured with a VPLS identifier and its serving IP subnet per VPLS designated 
interface. In addition, each end station connected to a Physical LAN Segment (PLS) 
does not need to be modified in order to be a member of the VPLS. No other 
configuration parameters e.g. list of CPE devices, their logical or physical 
locations nor their IP addresses are required. The unique invention is ME-ARP
(Multicast Enabled Address Resolution Protocol) including the creation of
constructed lower layer address based on VPN (Virtual Private Network) Id and
tunnel endpoint. Advantages provided by the method of the present invention
include: a) separation of customer IP address space from either the service
provider or another customer determined by policy not to be in the same virtual
private network (VPN); b) capability for a remote site to belong to one or more VPN
as long as the VPN policy allows. To provide support for IPv4 based applications at
this point; c) transparent or Routed VPN's (by use of external routers) can be
constructed independently or combined with this architecture; d) due to the use of
an underlying IP multicast network to forward VPN broadcast traffic in this
solution there is no need to provide address or broadcast servers; and e) VPN
traffic forwarding is achieved via stateless and optionally secured tunnels which
are optimally routed using the underlying IP network backbone routing architecture.



Detailed Description Text (2) : 

In order to facilitate the description of the invention, the following 
abbreviations have been used. The terminology used in this document is based on the 
definitions proposed by the Internet Engineers Task Force (IETF).

CBT    Core Based Tree Multicast Routing Protocol
CPE    Customer Premises Equipment
DVMRP  Distance Vector Multicasting Routing Protocol
GRE    Generic Routing Encapsulation
IGMP   Internet Group Management Protocol
LAN    Local Area Network
MOSPF  Multicast extensions for Open Shortest Path First
PA     Provider Address
PIM    Protocol Independent Multicast
PLS    Physical LAN Segment
VPN    Virtual Private Network
VPLS   Virtual Private LAN
UVIP   Unnumbered VPN Internet Protocol

Detailed Description Text (4) :

The term "Customer Premises Equipment" (CPE) defines an edge device (e.g., router,
etc.), fully managed by the provider, connecting a customer's PLS to its VPN.

Detailed Description Text (14) : 

Stateless tunnels or links are used in CPE (Customer Premises Equipment) between
connected sites. The remote tunnel endpoint address information is directly mapped
into the link layer address. ME-ARP is used for IP address resolution inside a
VPLS. As a result, VPN connected IP devices will keep all relevant information
about the destination tunnel endpoint and VPN membership in their own address
resolution (ARP) table. Special unnumbered IP LAN interfaces will generate the link
layer address based on a configured VPN identifier and dynamically learned tunnel
endpoints (via ME-ARP).

Detailed Description Text (17) :

In order to forward IP unicast traffic, an enhanced version of proxy ARP is used.
The differences from the standard proxy ARP are: a) all ARP requests matching the
customers IP subnet are encapsulated and forwarded to all VPN members by sending
them to the VPN's IP multicast address. Note: The CPE device cannot determine, if
an IP device is connected to the local physical segment or not. b) a forwarded ARP
request, after decapsulation, will replace the source hardware address (MAC, Media-
Access-Control or physical Address) not with the routers own interface MAC address,
but by a calculated address containing the tunnel source IP address, an interface
unique VPN Id (e.g. VPN instance Id) and a CPE Id (to avoid loops in case of CPE
redundancy).

Detailed Description Text (18) : 

The result of this "multicast enhanced ARP" (ME-ARP) process is that the customers 
IP devices will keep all relevant information about the destination tunnel endpoint 
and VPN membership in their ARP table. There is no overhead involved, if compared 
to a real physical IP subnet. 

Detailed Description Text (22) : 

Based on the VPLS membership using IP multicast, there is no need for a central VPN 
membership database or protocol to distribute this information. It is enough to 
configure a new VPN member (physical segment) in the connecting CPE device. The 
following minimal information is configured per UVIP (Unnumbered VPN IP) interface: 
a) VPN IP multicast Id; b) IP Network/Mask. Assigned by the customer from the 
Client Address (CA) space. This information is used to determine the correct VPN, 
based on either source or destination IP address. This is important to support 
multi-netting on the same physical interface with many VPNs; c) Tunnel IP address. 
This address from the Provider Address (PA) space is used to forward VPN traffic 
over the IP backbone to the correct tunnel end-point (bound to a VPN interface).
The VPN identifier in each encapsulated packet can be used to identify the correct
logical UVIP interface inside the CPE device; d) MAC calculation algorithm. This
optional, but recommended, configuration parameter allows the support of different
MAC address calculation to prevent possible duplicates.

Detailed Description Text (27) : 

In operation, with reference to FIGS. 3, 4, 5 and 6, end station A wants to send an 
IP packet to end station B on the same logical subnet but connected to different 
gateways. It is assumed, that the ARP tables 80 and 81 from both end stations are 
empty. Therefore end station A sends an ARP request 50 to the ethernet broadcast 
address 51. CPE A, configured with the proper VPN information, checks the source IP 
address 52 of the ARP request packet 50 against its UVIP interfaces configured on
the physical interface. In case of a match, it encapsulates the whole, unmodified,
ARP request 50 into an IPsec packet 55 including the VPN identifier 56 (equals
assigned IP multicast address) and forwards packet 55 to the VPN's multicast
address 57 using the configured local IP tunnel-endpoint 58 as source address. CPE
A also adds a local ARP entry for end station A in its ARP table 72 for that UVIP
interface. (CPE A will forward the ARP request, even if end station B is connected
to the same physical network).

Detailed Description Text (28) :

All CPEs joining the VPN will receive this encapsulated ARP request, unpack it, and
forward out the local UVIP interface with the following modification to the
original ARP request 55: replace the original HW source address 59 (MAC address
from end station A) with a calculated MAC address containing the tunnel end-point
IP address from CPE A (=source address from the received IPsec packet) and an
optional interface unique VPN Id.

Detailed Description Text (29) :

This new HW source address 60 is replaced in the ethernet header as well as in the
ARP packet 61.




Detailed Description Text (30) : 

CPE B might add an entry to its ARP table 83 for caching. End station B receives 
the ARP request 62 and responds to it with a normal ARP reply containing its
physical HW MAC address 64 as source in the ethernet header and in the ARP reply 
packet 65. An ARP entry for end station A with the source MAC address from the ARP 
request is added on end station B. The ARP table 81 of end station B now contains 
an entry for end station A with a constructed MAC address containing the tunnel- 
endpoint IP address and VPN Id. CPE B, configured to listen for constructed MAC 
addresses, identifies the ARP reply 63 from end station B by checking the source 
MAC address 64 as well as the source IP address 66 (part of VPN's IP network),
encapsulates and forwards the ARP reply 67 directly to the addressed tunnel endpoint
(extract tunnel endpoint IP address from destination MAC address).

Detailed Description Text (31): 

CPE A decapsulates the ARP reply packet 67, checks the destination or target IP 
address 68 and replaces the destination or target MAC address 69 with the address 
found in its local ARP cache, and sends the constructed ARP reply 70 out to end 
station A on the local attached physical LAN segment. In addition, the source MAC
address 71 (in the Ethernet header and ARP packet) is replaced with a constructed
MAC address 72 containing an optional interface locally unique VPN Id and the IP
address of CPE B (where the ARP reply came from).

Detailed Description Text (33) : 

Finally, end station A receives the ARP reply packet 70 and builds an entry in its 
ARP table 80 with an entry for end station B and the MAC address containing the 
remote tunnel endpoint IP address and VPN Id. 
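
The constructed-MAC handling described in paragraphs (17) and (27) to (33), sketched as an added Python example (not code from the patent). The bit layout, the dict field names and the sample addresses are assumptions: the page does not define how the tunnel endpoint, VPN Id and CPE Id are packed into the 48 bits.

```python
import ipaddress

# Assumed layout (not given on the page):
#   octet 0    : 0x02 (locally administered, unicast) | cpe_id << 2
#   octet 1    : interface-unique VPN Id
#   octets 2-5 : tunnel endpoint IPv4 address (Provider Address space)
LOCAL_UNICAST = 0x02

def build_mac(tunnel_ip: str, vpn_id: int, cpe_id: int) -> str:
    """Pack tunnel endpoint, VPN Id and CPE Id into a 48-bit MAC."""
    if not 0 <= vpn_id <= 0xFF or not 0 <= cpe_id <= 0x3F:
        raise ValueError("vpn_id must fit 8 bits and cpe_id 6 bits")
    ip = ipaddress.IPv4Address(tunnel_ip).packed
    octets = bytes([LOCAL_UNICAST | (cpe_id << 2), vpn_id]) + ip
    return ":".join(f"{b:02x}" for b in octets)

def parse_mac(mac: str):
    """Return (tunnel_ip, vpn_id, cpe_id), or None for a non-constructed MAC."""
    octets = bytes(int(p, 16) for p in mac.split(":"))
    if len(octets) != 6 or (octets[0] & 0x03) != LOCAL_UNICAST:
        return None  # burned-in or group address: a station on the local segment
    return str(ipaddress.IPv4Address(octets[2:])), octets[1], octets[0] >> 2

def rewrite_arp_request(frame: dict, ipsec_src: str, vpn_id: int, cpe_id: int) -> dict:
    """Receiving CPE: replace the sender MAC in the Ethernet header and ARP body."""
    mac = build_mac(ipsec_src, vpn_id, cpe_id)
    return {**frame, "eth_src": mac, "arp_sha": mac}

def tunnel_for_reply(frame: dict):
    """CPE B: tunnel endpoint for an ARP reply, taken from its destination MAC."""
    parsed = parse_mac(frame["eth_dst"])
    return parsed[0] if parsed else None

# Constructed sample: end station A's ARP request after decapsulation at CPE B.
REQUEST = {"eth_src": "00:10:7b:aa:bb:01", "eth_dst": "ff:ff:ff:ff:ff:ff",
           "arp_sha": "00:10:7b:aa:bb:01", "arp_spa": "10.1.1.10",
           "arp_tpa": "10.1.1.20"}

if __name__ == "__main__":
    seen_by_b = rewrite_arp_request(REQUEST, "192.0.2.1", vpn_id=7, cpe_id=1)
    print(seen_by_b["arp_sha"], parse_mac(seen_by_b["arp_sha"]))
```

The `parse_mac` check on the two low bits of the first octet is what keeps an ordinary burned-in station address from being read as a tunnel endpoint under this assumed layout.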

CLAIMS:



4. A method of sending a multicast IP packet from a first end station to multiple 
end stations, said first and multiple end stations being on the same logical subnet 
and connected to different CPEs, comprising: receiving said multicast IP packet at 
each CPE; encapsulating said IP multicast packet; and forwarding said encapsulated 
IP multicast packet to a VPN-assigned multicast address wherein said IP multicast
received by each CPE which has been configured to said VPN, wherein at 
receiving said forwarded ARP request, the request is decapsulated to 
the source hardware address by a calculated address containing the tunnel
IP address, an interface unique VPN ID and a CPE ID.

8. A method of sending an IP packet from a first station to a second end station,
wherein said first and second end stations are on the same logical subnet but
connected to different CPEs, the method comprising: a) sending from a first end
station an ARP request with an Ethernet broadcast address; b) at a first CPE
associated with said first end station, intercepting said ARP request packet and
verifying the intercepted IP address against a corresponding unnumbered virtual
packet network (UV) IP interface; c) if a match is verified, encapsulating said ARP
request into an IPsec packet with a VPN identifier; d) forwarding said IPsec
packet to a VPN's multicast address using configured local IP tunnel-endpoint as a
source address, e) said first CPE further adding a local ARP entry for said first
end station in its ARP table for said UVIP interface; f) receiving said
encapsulated ARP request at each CPE connected to said VPN; g) unpacking, modifying
and forwarding said ARP request out of the local UVIP interface when received at
said CPE; and h) modifying said ARP request at each CPE by replacing the original
HW source address with a calculated MAC address containing the tunnel endpoint IP
address from said first CPE and an interface unique VPN ID thereby providing a new HW
source address to replace in the Ethernet header as well as in the ARP itself.

Drawing Description Text (92) :

FIG. 72 is a table containing an alternative solution evaluation matrix used to 
evaluate the pro's and con's of various alternatives at a high level by assigning
comparative ratings to each area; 

Detailed Description Text (29) : 

For a communication session to proceed between the parties to a connection, it is 
essential that data be presented in a form that can be recognized and manipulated. 
The sequence of required tasks at each end, such as the format of the data 
delivered to a party, the rate of delivery of the data, and resequencing of packets 
received out of order, is generally handled in an organized manner using layered 
communication architectures. Such architectures address the two portions of the 
communications problem, one being that the delivery of data by an end user to the 
communication network should be such that the data arriving at the destination is 
correct and timely, and the other being that the delivered data must be 
recognizable and in proper form for use. These two portions are handled by 
protocols, or standard conventions for communication intelligently, the first by 
network protocols and the second by higher level protocols. Each of these protocols 
has a series of layers. Examples of layered architectures include the Systems
Network Architecture (SNA) developed by IBM, and the subsequently developed Open 
Systems Interconnection (OSI) reference model. The latter has seven layers, three 
of which are network services oriented including physical, data link, and network 
layers, and the other four providing services to the end user by means of 
transport, session, presentation, and application layers, from lowest to highest 
layer.

Detailed Description Text (31): 

X.25 is employed for virtual circuit (VC) connections, including the call setup, 
data transfer, and call clearing phases. Call setup between DTEs connected to the 